1. Technical Field
This application relates to security compliance. In particular, this application relates to a system for building a security compliance framework customized to a business offering.
2. Related Art
The Unified Compliance Framework™ (UCF) is a compliance database that harmonizes controls from hundreds of international regulatory requirements, standards, and guidelines (such as HIPAA, ISO 17799, PCI, FDA, and SOX) into a single, hierarchical framework. Each of these regulations publishes a list of standards or controls with which affected companies must comply. These lists (also referred to as “authority documents”) contain thousands of statements specifying how information should be protected, monitored, or presented. Accurately determining which of the hundreds of requirements, standards, and guidelines of the UCF are applicable to a particular business offering can be challenging and time-consuming.